International Journal of Accounting Information Systems xxx (xxxx) xxx

Contents lists available at ScienceDirect

International Journal of Accounting Information

Systems

Embedding process mining into financial statement audits

Michael Werner a,⇑, Michael Wiese b, Annalouise Maas b
a
University of Amsterdam, Plantage Muidergracht 12, 1018 TV Amsterdam, Netherlands
b
Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft, Wittekindstr. 1a, 45131 Essen, Germany

a r t i c l e i n f o a b s t r a c t

Article history: The audit of financial statements is a complex and highly specialized process. Digitalization
Received 13 September 2019 and the increasing automation of transaction processing create new challenges for auditors
Revised 21 January 2021 who carry out those audits. New data analysis techniques offer the opportunity to improve
Accepted 16 March 2021
the auditing of financial statements and to overcome the limitations of traditional audit
Available online xxxx
procedures when faced with increasingly large amounts of financially relevant transactions
that are processed automatically or semi-automatically by computer systems. This study
Keywords:
discusses process mining as a novel data analysis technique which has been receiving
Process mining
Data analytics
increased attention in the audit practice. Process mining makes it possible to analyse busi-
Audit of financial statements ness processes in an automated manner. This study investigates how process mining can
Big data, Data science, Business intelligence be integrated into contemporary audits by reviewing the relevant audit standards and
Business process modelling incorporating the results from a field study. It demonstrates the feasibility of embodying
Enterprise resource planning systems process mining within financial statement audits in accordance with contemporary audit
Field study standards and generally accepted audit practices. Implementation of process mining
increases the reliability of the audit conclusions and improves the robustness of audit evi-
dence by replacing manual audit procedures. Process mining as novel data mining tech-
nique provides auditors the means to keep pace with current technological
developments and challenges.
Ó 2021 The Author(s). Published by Elsevier Inc. This is an open access article under the CC
BY license (http://creativecommons.org/licenses/by/4.0/).

1. Introduction

This study concerns the application of data science in the profession of auditing and explores how the technique of pro-
cess mining can conceptually be embedded into the audit of financial statements. This paper answers the call from
Appelbaum et al. (2017) for more research in the context of big data and analytics in modern audit engagements. Guidance
and evidence on how this can be done to meet the requirements of contemporary International Standards on Auditing (ISA)
are provided.
Companies have automated their increasingly complex operations using advanced computer systems. This development
has also affected the accounting and audit profession. Public accountants face new challenges because of this increase in
automated transaction processing, the growing heterogeneity of source systems, the greater complexity of business pro-
cesses and the increasing volumes and variety of created data. International and national audit standards do not directly
specify how data analysis techniques can or should be employed in contemporary audits (IFAC, 2016). Historically, computer
assisted audit tools (CAATs) have seldom been used as technological support in external audits (Braun and Davis, 2003;
Debreceny et al., 2005). The acceptance of advanced data analysis techniques like regression or classification has generally

⇑ Corresponding author.
E-mail addresses: m.werner@uva.nl (M. Werner), michael.wiese@de.ey.com (M. Wiese), annalouise.maas@de.ey.com (A. Maas).

https://doi.org/10.1016/j.accinf.2021.100514
1467-0895/Ó 2021 The Author(s). Published by Elsevier Inc.
This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

Please cite this article as: M. Werner, M. Wiese and A. Maas, Embedding process mining into financial statement audits, International Jour-

nal of Accounting Information Systems, https://doi.org/10.1016/j.accinf.2021.100514

M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

been low in the audit profession (Kim et al., 2009), although these are particularly important in the context of big data (Chen
et al., 2012).
Although CAATs have not previously been especially popular among the Big Four accounting firms (Bierstaker et al.,
2014), a change in this trend appears to be taking place. In recent years, all large audit firms have embedded advanced data
analysis techniques into novel audit tools such as Deloitte’s Spotlight (Deloitte, 2019), EY’s Helix (EY, 2019a), KPMG’s Clara
(KPMG, 2020) or PwC’s Halo (PwC, 2019a). The analysis techniques embedded in these tools typically rely on data that are
financial in nature. Analyses focus on testing individual transactions in the general ledger to support journal entry testing
and on performing partially automated analytical procedures to address the audit objectives of specific account balances
(FRC, 2017). To date, analysing and evaluating audit clients’ internal processes and controls is primarily a manual task that
involves the observation of employees performing process and control activities, inquiries with process owners, reviews of
process documentation and manually testing samples of source documents.
This study focuses on process mining as a relatively novel data analysis technique (van der Aalst, 2016). Process mining
algorithms analyse data from operational computer systems to provide information about the business processes within an
organization. This has the potential to help auditors overcome severe limitations and inefficiencies in present-day audits,
particularly in assessing the design and operating effectiveness of internal controls. Typical traditional audit procedures pro-
vide little if any reliable information when business transactions are largely processed by computers instead of humans and
control procedures are embedded and automated in the software itself. The individual and manual inspection of a suffi-
ciently large sample of transactions becomes inefficient or even impossible in industries that process millions or billions
of transactions every day, as in the retail or telecommunications industries.
Novel data analysis techniques which can deal with big data can help overcome the challenges associated with extremely
voluminous, heterogeneous and rapidly accumulating data (De Mauro et al., 2016). Process mining techniques make it pos-
sible to create reliable business process models automatically by analysing the recorded data produced by a company’s oper-
ational computer systems during the course of transaction processing. It can be a substitute for time-consuming and error-
prone manual data collection to aid in understanding and testing an audited entity’s business processes and internal control
system. Application of process mining enables the auditor to assess standard processes very efficiently and to allocate audit
resources to those occurrences that deviate from standard procedures. They usually exhibit a much higher audit risk than
standard transactions. The application of process mining further provides a foundation of empirical quantitative data that
enables the auditor to employ additional data analytics and artificial intelligence approaches, as suggested by Jans and
Hosseinpour (2018).
All Big Four companies have started to adopt process mining techniques for auditing or consulting services (Deloitte,
2020; EY, 2019b; KPMG, 2018; PwC, 2019b). Although the potential of novel data analytics is significant for financial state-
ment audits, there is uncertainty about how such techniques can be integrated into existing audit approaches and applied in
accordance with relevant audit standards (IFAC, 2016). This uncertainty is a severe impediment to the use of novel data anal-
ysis techniques in the audit profession. This study seeks to reduce this uncertainty and to lower perceived barriers to adop-
tion. It relies on the analysis and interpretation of the relevant ISA, as well as related studies and the results from a field
study to discuss how process mining can be embedded into contemporary financial statement audits. Although several pub-
lications describe case studies in the context of internal (Jans et al., 2013, 2014) and external auditing (Werner and Gehrke,
2019), as well as the technical aspects of process mining algorithms from an external audit perspective (Werner, 2017;
Werner and Gehrke, 2015), we are not aware of any conceptual study that investigates how process mining can be embedded
into currently prevailing audits as required by the ISA.
This study is organized as follows. The next section describes the chosen methodology. Section three provides an over-
view of existing studies and introduces the fundamental aspects of process mining relevant for this study. Section four
describes the current use of data analysis techniques in the audit of financial statements as a foundation to illustrate, in sec-
tion five, how process mining can be embedded in contemporary external audits as a novel data analysis technique. The
study closes with a summary in the last section.

2. Methodology

This study relies on the systematic analysis of the ISA and related literature, as well as insights gained from a field study
on the application of process mining in the audit practice. It is also informed by one of the authors’ engagement as an aca-
demic adviser to the International Auditing and Assurance Standards Board (IAASB) Data Analytics Work Group (DAWG).
Financial statement audits are carried out by chartered public accountants: ‘‘The purpose of an audit is to enhance the
degree of confidence of intended users in the financial statements” (ISA 200 sec. 3, IFAC, 2009a). These audits are important
for the functioning of economic markets and serve as a safeguard to ensure that financial statements present a true and fair
view of the reporting entities’ financial position and performance in accordance with relevant accounting frameworks. They
prevent the publication of false financial information that might detrimentally impact decisions made by stakeholders.
Organizations are legally obliged to prepare their financial statements fairly and truthfully. They have to apply generally
accepted accounting principles (GAAP) and standards when preparing their financial statements. This ensures that the pub-
lished statements display correct and comparable information to their audience. Governments have entrusted the issuing of
accounting standards to specific entities. Such standard-setting bodies include the International Accounting Standards Board
2
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

(IASB) at the international level and, at the national level, the Financial Accounting Standards Board (FASB) in the USA and
the Deutsches Rechnungslegungs Standards Committee (DRSC) in Germany, for example. These organizations issue the
International Financial Reporting Standards (IFRS), the FASB Accounting Standards Codification (ASC) and the Deutsche
Rechnungslegungs Standards (DRS), respectively.
Chartered public accountants are in charge of auditing the financial statements prepared by reporting companies, and
auditing standards provide guidance to auditors in doing so. The standards are issued by regulatory bodies such as the Inter-
national Auditing and Assurance Standards Board (IAASB) for the ISA, the Public Company Accounting Oversight Board
(PCAOB) for the Auditing Standards (AS), and the Institut der Wirtschaftsprüfer (IDW) for the IDW Prüfungsstandards
(IDW PS). Laws, regulations and standards differ by country, but a convergence has taken place over the past few decades
between different accounting frameworks (Barth, 2008). This study primarily relies on the systematic analysis of relevant
ISA, as these have been adopted by most countries around the world including the USA and the member states of the Euro-
pean Union (IFAC, 2012a).
The discussion of how to embed process mining into contemporary audit approaches is here substantiated by means of a
field study – that is, the implementation of process mining for external audit purposes at one of the world’s leading audit
firms. The development of suitable process mining tools and their implementation into pilot projects across central European
countries involved two of the authors of this study via direct supervision. Formal focus group meetings of the authors with
experts from the case company’s research and development unit took place several times between August 2016 and March
2019. The case company developed a proprietary mining tool and application procedures tailored to financial statement
audits. Process mining was integrated into financial statement audits for several pilot engagements in 2018 and 2019.
The outcomes of applying process mining to analyse the procurement process for one audited entity serve as an example
for demonstration purposes. The analysis of the traditional use of data analysis techniques during an audit served as a ref-
erence point to discuss how the process mining techniques can complement these.
One of the authors of this study serves as an academic adviser to the DAWG as a member of its project advisory panel. The
IAASB set up the DAWG to explore emerging developments in the effective and appropriate use of technology, to enhance
audit quality and to explore how the IAASB can most effectively respond to these emerging developments by revising exist-
ing ISA or preparing non-authoritative guidance (IFAC, 2018a). Of particular interest is the DAWG’s request for input (IFAC,
2016) summarizing contemporary challenges related to novel technologies in the audit profession and the need to revise
existing audit standards. These challenges form the motivation for the study at hand. The document emphasizes that the
concept of technology used to support financial statement audits (CAATs) emerged in a very different technological era
(IFAC, 2016, sec. 9). It is therefore necessary to develop solutions for how to use and integrate contemporary data analysis
techniques into existing audit approaches. As a result of this work, the exposure draft for revising ISA 315 (IFAC, 2018b)
explicitly recognizes the importance and use of automated tools and techniques to perform risk assessment procedures. This
includes, for example, using technology to perform procedures on large volumes of data to provide information that is useful
for the identification and the assessment of risks of material misstatement. The work of the DAWG takes place on the insti-
tutional level of standard setters. This study deals with the question of how a specific data analysis technique – process min-
ing – can be embedded into contemporary audits for concrete audit settings in compliance with contemporary ISA.

3. Background and related literature

Process mining uses recorded event log data, which can be extracted from a source system, to provide information about
business processes (van der Aalst, 2016), as well as graphical representations. The source system can be any process-aware
information system (Dumas et al., 2005), such as enterprise resource planning (ERP) or workflow management systems. In
recent years, sophisticated general-purpose mining algorithms have been developed, including heuristic (Weijters et al.,
2006), fuzzy (Günther and van der Aalst, 2007) and genetic (de Medeiros, 2006) mining algorithms. More recent examples
include the Split Miner (Augusto et al., 2017) or those using integer linear programming (van Zelst et al., 2018). Several com-
panies offer sophisticated commercial process mining tools (Celonis, 2020a; fluxicon, 2020; LANA Labs, 2020; UiPath, 2020;
Zapliance, 2020). Process mining packages also exist for programming languages such as Python (Fraunhofer Institute for
Applied Information Technology, 2020) and R (Janssenswillen et al., 2019).
A mining algorithm analyses input data to create the process models as output. Input data have to be extracted from the
relevant source information systems and transformed into an event log, which contains all of the recorded events that relate
to the executed business activities. A process model abstracts from the observed behaviour of individual business process
executions, which are called process instances. A process model therefore represents a set of different process executions
with identical or similar behaviour. Each executed process activity is recorded as an event in the event log. Every event is
mapped to a case, which represents a single process instance. The sequence of recorded events in a case is called trace, which
in turn describes the sequence of activities as they have been recorded, and this sequence determines the control flow mod-
elled in the corresponding process models. Cases belonging to the same business process exhibit identical or similar traces,
and process executions of a specific process that represent identical traces are called variants (Chiu and Jans, 2019; Jans et al.,
2014). A complete specification for event logs is available in Günther and Verbeek (2012).

3
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Fig. 1. Example of a mined procurement process.

Fig. 1 provides a visual example of the type of business process model that can be produced by mining algorithms. It
shows a model of specific procurement process that was mined using the Celonis process mining software (Celonis,
2020a).1 The depicted process consists of 10 different activities, which are shown as hexagons that are labelled with names
of the represented transaction and the number of executions. This number states how often the respective activity was carried
out in the analysed process; the frequency of each activity is also illustrated by the degree of shading – the darker the symbol
the more frequent the represented activity. The hexagons with the embedded triangle and rectangle indicate the start and end
of the process model. The arrows define the sequence of activities (control flow). The inscriptions on these arrows indicate how
often one activity was followed by another, while the shading and thickness of the lines highlight their relative frequency.
Process mining has served as an analysis technique in various scientific investigations for process discovery, conformance
checking, enhancement and social network analysis (Maita et al., 2017). It has been applied in scientific studies to a variety of
different application domains, ranging from the healthcare (Yoo et al., 2016) and IT (Edgington et al., 2010) sectors to textiles
(Lee et al., 2016), shipping (Wang et al., 2014) and the manufacturing industry (Lee et al., 2013).
Process mining has also been applied for auditing (Jans et al., 2013, 2014) and fraud detection (Baader and Krcmar, 2018),
but scientific publications related to process mining in the context of external auditing are scarce. Jans (2012); Jans et al.
(2013) have discussed opportunities, challenges and limitations related to process mining in the context of internal auditing
and have also conducted related case studies (Jans et al., 2014, 2008). Another research group has focused on the application
of process mining in the context of external statutory audits (Gehrke, 2010; Gehrke and Müller-Wickop, 2010; Müller-
Wickop et al., 2011; Werner, 2013; Werner et al., 2013, 2012; Werner and Gehrke, 2015. Although these publications deal

1
The software is freely available for academic purposes via the Celonis Academic Alliance (Celonis, 2020b).

4
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

with process mining in the context of internal or external auditing, we are not aware of any study that conceptually inves-
tigates how process mining can be embedded into the overall audit process.

4. Contemporary use of data analysis techniques in the audit

The ISA2 do not require a specific process to carry out statutory audits, but the typical phases of an audit of financial state-
ments in practice are shown in Fig. 2.3
Generalized audit software such as IDEA (CaseWare International Inc., 2020) or Galvanize (formerly known as ACL, Audit
Command Language; Galvanize, 2020) have existed since the 1990s and are used for different purposes in financial audits
(Arens et al., 2017). CAATs have historically not been be used extensively in external audits (Bierstaker et al., 2014; Braun
and Davis, 2003; Debreceny et al., 2005), but all large audit firms have embedded data analysis techniques into their audit
approach (Deloitte, 2019; EY, 2019a; KPMG, 2020; PwC, 2019a). Data analysis techniques can, in principle, be used to sup-
port procedures in all audit phases. Fig. 3 provides an overview of audit activities which are currently supported using data
analysis techniques; this overview also provides references to relevant ISA which specify the requirements for each listed
activity.
Data analyses play a particularly important role for gaining an understanding of the audited entity and for risk assess-
ment. They are used for analysing general ledger data, re-building the balance sheet and income statement from the popu-
lation of transactions, and gaining an understanding of the composition of account balances and classes of transactions (ISA
315 sec. 11, IFAC, 2012b). Key performance indicators are calculated from aggregated financial statement data, and trends
are analysed based on account balance data. The partially automated identification of significant changes or the absence
of expected changes from prior periods supports the identification of risks of material misstatements (ISA 315 sec. A19,
IFAC, 2012b).
Examples of data analysis techniques that auditors use for designing and executing procedures to address the identified
risks of material misstatements include the recalculation (ISA 500 sec. 7 and A19, IFAC, 2009f) of documents to assess the
reliability and completeness of evidence or testing populations of journal entries recorded in the general ledger to support
the identification of unusual items (ISA 240 sec. 33, IFAC, 2009c). Data analyses are also performed as substantive analytical
procedures (ISA 520 sec. 5, IFAC, 2009g); these include gross margin analysis, trend analysis of specific accounts and the
analysis of debtor or creditor balances and open items, as well as their movements over time. CAATs support the stratifica-
tion of populations for audit sampling (ISA 530 sec. 5 and appendix 1, IFAC, 2009h). Partially automated techniques that
summarize the general ledger data and provide descriptive analyses, including significant changes compared to the prior
period (ISA 520 sec. 6, IFAC, 2009g) support auditors in forming, communicating and documenting an audit conclusion
(ISA 230 sec. 8, IFAC, 2009b; ISA 330 sec. 38, IFAC, 2009e).
These examples illustrate the different purposes for data analysis throughout an audit. They can be applied along the
entire audit process and to all types of audit procedures (AICPA, 2017). Although data analysis techniques are used for var-
ious purposes the field study revealed that they currently just cover the analysis of business processes and the test of con-
trols to a very limited extent, as highlighted in Fig. 4. Data analyses are sometimes used as reperformance procedures (ISA
500 sec. A20, IFAC, 2009f) that supplement the understanding of internal controls. They can also be used to assess already
identified controls by reviewing system parameters for automated controls (Gehrke, 2010). Such analyses only consider indi-
vidual controls in an isolated manner. Traditional data analytics tools do not provide algorithms to construct process views
from readily available data. The use of business process analytics in the audit profession is still generally limited (FRC, 2017).
Process mining complements other data analysis techniques (AICPA, 2017 example 2–5), which primarily rely on finan-
cial data, while process mining uses data from event logs. This makes it possible to analyse whole processes and the controls
that govern these processes. This is the key characteristic of process mining techniques, whose algorithms produce process
models as visualizations and provide quantitative information about the analysed processes. A Benford analysis (Nigrini,
2012) carried out as a traditional data analysis technique for the identification of unusual items (ISA 240 sec. 33, IFAC,
2009c) by analysing journal entry data, for example, makes it possible to identify potential outliers in a given data set. Pro-
cess mining makes it possible to gain a complete understanding of an analysed process, including the activities that are car-
ried out and by whom, which data elements and documents are created, and their effect on the financial accounts. This
provides a process-level perspective on the analysed data and can serve as the input to test relevant internal controls
(Chiu and Jans, 2019; Jans et al., 2014) and to apply further advanced data analysis techniques (Jans and Hosseinpour,
2018; Werner and Gehrke, 2019). We are not aware of any other data analysis technique that provides this kind of
information.
A challenge for using audit data analytics is identifying control overrides and changes to data during the course of pro-
cessing, such as price changes to purchased goods or the authorization of payments using a system administrator account.
Overrides can be authorized after the fact, and the data can be brought back into compliance before the end of a reporting

2
The exposure draft and corresponding implications of the planned revision of ISA 315 have not been considered for this study, as the draft has not yet been
released as a standard.
3
There are currently 37 standards included in the ISA, but the diagram only shows the selected standards that are important for each phase, provide general
information about the contemporary audit approach and are particularly relevant for the context of this study.

5
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Understanding the Enty and its Environment, Including the Enty's Internal
Control (ISA 315)
• Inquiries, analycal procedures, observaon and inspecon about
• External factors and the nature of the enty

Planning is not a discrete phase of an audit, but rather a

• The enty's internal control (design of internal controls and their effecveness)

Planning an Audit of Financial Statements (ISA 300)

including the relevant informaon system and related business processes

Idenfying and Assessing the Risk of Material Misstatement (ISA 315)

• Financial statement level
• Asseron level for classes of transacons, account balances, and disclosures
• Idenfying significant risks
• Determining the nature, ming and extent of further audit procedures

connual and iterave process

Auditor's Responses to Assessed Risks (ISA 330)
• Test of controls
• Substanve procedures
• Test of details
• Substanve analycal procedures

Forming an Opinion and Reporng on Financial Statements

•
(ISA 700)
• Form an opinion on whether the financial statements are prepared, in all
material respects, in accordance with the applicable financial reporng
framework

Fig. 2. Financial statement audit process.

period. Process mining reveals these kinds of activities. The time relationships and sequence of events are made explicit and
can be analysed accordingly, and this reveals changes and temporary control deviations.
Necessary process data are readily available. The same is true for mature process mining algorithms and scientific pub-
lications dealing with process mining in the context of internal and external auditing. One of the major obstacles seems to be
uncertainty regarding whether and how the application of process mining complies with contemporary audit standards and
how it can be embedded into contemporary audit approaches. These questions have remained unanswered, although they
are highly relevant for the audit profession. The next section discusses possible answers to these questions and demonstrates
how to apply process mining conceptually and practically in contemporary audit engagements.

5. Embedding process mining into the financial statement audit process

Process mining is particularly relevant for assessing the design and operating effectiveness of internal controls during an
audit and thus fills a gap in the portfolio of currently available data analysis techniques. It can also serve several alternative
purposes throughout the different phases of an audit.
Fig. 5 provides an overview of how process mining can be embedded into the audit process to support the execution of
audit activities required by the ISA for each audit phase. It follows the same structure as Fig. 3. The next subsections explain
how process mining can conceptually and practically be employed for each phase.

5.1. Phase I: Understanding the entity

ISA 315 requires the auditor ‘‘(. . .) to identify and assess the risks of material misstatement in the financial statements,
through understanding the entity and its environment, including the entity’s internal control” (ISA 315 sec. 1, IFAC, 2012b).
To achieve this, the auditor has to ‘‘obtain an understanding of (. . .) the related business processes, relevant to financial
reporting (. . .)” (ISA 315 sec. 18, IFAC, 2012b). Process mining provides the auditor information about how the business pro-
cesses in an audited entity relate to the entity’s financial accounts. This enables the auditor to provide an initial assessment
of relevant risks using analytical procedures (ISA 315 sec. 6, IFAC, 2012b), to establish a preliminary audit strategy (ISA 300
sec. 2, IFAC, 2009d) and to assess the overall expected audit effort. The relationship between processes and specific financial
accounts can be visualized and analysed quantitatively to get an understanding of how the balance sheet and income state-
ment accounts are composed. It is possible to reconcile the mined process models to the financial accounts. Each mined pro-
6
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Fig. 3. Contemporary use of data analysis techniques in audits.

Fig. 4. Potential use of data analysis techniques throughout the audit (). adapted from AICPA, 2017, p.5

cess model represents a set of transactions which have been recorded in the source system. The total posting values created
by those transactions can be totalled and compared to the values in the financial accounts. This provides information about
whether the analysed data elements are accurate and complete. While other data analysis techniques are useful to analyse
the composition of financial statement account balances, process mining can establish an understanding of how the business
processes relate to those accounts.
Fig. 6 shows a screenshot from the case company’s process mining tool for an audited client. It illustrates the reconcili-
ation of the values discovered by process mining with the account balances for the relevant period. The Debit and Credit col-
umns show the total values of debit and credit postings yielded by the analysed process. The respective financial accounts
are listed in the left-hand column. The column Net activity shows the corresponding balance for each account at the end of
the reporting period. It can be seen that the mined process covered 90.63 per cent of all debit and 90.43 per cent of all credit
posting to the Goods Received / Invoices Received (GR/IR) clearing account for trading goods, as well as 95.27 per cent of debit
and 95.14 per cent of credit postings for the Trade accounts payable – third local.
The mined process appears to cover the vast quantity of transactions that occurred within the audited company which
relate to the procurement of products held for trade from local third parties. Reconciliation with further accounts shows,

7
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Audit Phase Supported Audit Activities Relevant Audit Standard

► Obtain an understanding of the composition of the balance sheet and income statement ISA 240.22, ISA 300.2, ISA 315.6
Understand
the entity

accounts.
► Initial assessment if reliance on the internal controls system is feasible. ISA 315.20, ISA 315.26, ISA 330.6
► Documentation of obtained understanding regarding the audited entity. ISA 315.32, ISA 230.8, ISA 330.28

► Obtain an understanding of the significant classes of transactions related to the analyzed ISA 315.18, ISA 315.20, ISA 315.26
processes.
Identify & assess

► Determination if the processing of significant classes of transactions is highly automated. ISA 315.30, ISA 330.8
risks

► Assessment of relevant risks via automated analysis of identified business processes for ISA 315.5, ISA 315.6, ISA 315.25
each relevant assertion and each significant account or disclosure.

► Assessment if control activities are implemented in the analyzed processes for ISA 315.13, ISA 315.20, ISA 315.21
significant risks and whether these have been designed and implemented to achieve ISA 315.29
relevant control objectives.

Identification of activities in the analysed process that represent control activities relevant ISA 330.6, ISA 330.15
execute responses

►
to the audit. A control exception is indicated if such an activity was missing in a process
variant to a material extent.
Design and
to risks

► Assessment when and by whom a control activity was executed. Evaluating the ISA 330.8, ISA 330.10
operating effectiveness of controls relevant to the audit by directly analysing the
recorded transaction data values within a process.
► Identification of deviations from standard procedures to assess potential impact on the ISA 330.17
reliance of internal controls and to guide further substantive audit procedures.

► Documentation of the number of transactions and their total posted amount that is ISA 230.2, ISA 315.20, ISA 330.17
affected by a control exception.
communicate

Conclude

► Assessment whether the control exception rate exceeds acceptable tolerances. ISA 530.13
and

► Modification of risk assessment if the types of exceptions are systematic and no ISA 315.20, ISA 330.17
compensating controls can be identified.
► Observation and communication of possible root causes of control exceptions to the ISA 265.5, ISA 330.17, ISA 530.12
auditee.

Fig. 5. Embedding process mining into contemporary financial statement audits.

Fig. 6. Financial reconciliation.

however, that clearing accounts for others as well as trade accounts payable for non-local suppliers and those denominated
as manual are only covered to a much smaller extent or not at all. Besides providing information about the completeness and
accuracy of the analysed transactions, such a reconciliation helps the auditor to identify unusual or unexpected relationships
(ISA 240 sec. 22, IFAC, 2009c).

8
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Fig. 7 shows the mined process model for the procurement process of the audited entity. It visually represents the com-
plexity of the analysed process. By inspecting the model, auditors can assess if important control activities, such as the
approval of purchase orders, were present or missing (ISA 315 sec. 20, IFAC, 2012b). By analysing processing times and
uncommon control flow paths – as well as infrequent activities – auditors can assess the inherent audit risk (ISA 315
sec.16, IFAC, 2012b) and initially assess whether the testing of related internal controls is a feasible audit strategy to address
identified risks (ISA 330 sec. 6, IFAC, 2009e, sec. 6).
Documentation of the obtained understanding of the audited entity is an important requirement for external audits (ISA
330 sec. 28, IFAC, 2009e, ISA 230 sec. 8, IFAC, 2009b, ISA 315 sec. 32, IFAC, 2012b). It is commonly a time-intensive manual
task, and auditors usually carry out inquiries with key personnel and review existing process documentation to prepare pro-
cess charts or textual process descriptions. There are frequently significant differences between these process descriptions,
the views of the process owners and the understanding obtained by the auditor. The results of process mining, such as the
process model shown in Fig. 7, provide reliable documentation of the audited process which is created automatically, and
can be used as the auditor’s working papers.

5.2. Phase II: Identify and assess risks

Process mining enables the auditor to understand and deconstruct significant classes of transactions by identifying the
control flow paths in a mined model which represent a notable proportion of the overall recorded transactions that are sig-
nificant for the financial statements (ISA 315 sec. 18(a), IFAC, 2012b). Fig. 8 shows the results for the analysis of different
classes of transactions. It reveals that the mining algorithm discovered 2,393 variations of the procurement process. A pro-
cess variant in this context is understood as a process model which represents cases with identical traces, hence identical
control flow paths.4 The bar charts on the left side of Fig. 8 show that a single variation of the process represents 37.32 per cent
of all analysed cases. The second most common variant only covers 9.92 per cent of all cases, whereas the vast majority of vari-
ants represent only single cases, which is in line with the results from related studies (Jans et al., 2014). The process model rep-
resenting the most frequent variation of the business process (also called the critical path) is shown on the right-hand side of
Fig. 8. This visualization shows the auditor whether control activities were recorded which govern the represented class of
transactions (ISA 315 sec. 20, IFAC, 2012b).
Through the analysis of different classes of transactions via process mining – in combination with the financial reconcil-
iation mentioned earlier – the auditor receives quantitative information about the degree of automation in the transaction
processing. The information gained from the financial reconciliation tells the auditor the quantity of transactions relevant for
a financial account that were actually recorded via semi- or full-automated processes. Fig. 9 shows the results of a social net-
work analysis for those (anonymized) users that executed activities in the source system related to the analysed process.
These users can be humans or system users; the activities executed by system users are guided by the rules embedded in
the source system’s software itself without the interaction of human users. The higher the quantity of transactions processed
by system users and the more central they are in the network, the higher the degree of automation. This allows the auditor to
assess risks associated with the automation of transaction processing (ISA 315 sec. 30, IFAC, 2012b), such as incorrect imple-
mentation or manipulation of system users, to determine appropriate responses for assessing the design and operating effec-
tiveness of relevant internal controls (ISA 330 sec. 8, IFAC, 2009e).
In summary, the information gained through process mining makes it possible to identify the relevant risks of material
misstatements in financial statements (ISA 315 sec. 5, IFAC, 2012b) because the auditor receives reliable information about
the business processes in the audited entity, their characteristics and potential weaknesses via novel analytical procedures
(ISA 315 sec. 6, IFAC, 2012b). This information helps the auditor to identify and assess the risk of material misstatement at
the assertion level5 for significant classes of transactions, account balances and disclosures (ISA 315 sec. 25, IFAC, 2012b).
The ISA require auditors to assess the design of internal controls for identified risks in terms of their suitability to achieve
relevant control objectives (ISA 315 sec. 29, IFAC, 2012b). For each significant risk, the auditor can identify whether control
activities existed that mitigated that risk. A risk in the procurement process could be, for example, the processing of fictitious
payments which might lead to incorrect postings in financial accounts. A corresponding control would be that no payments
were processed without existing invoices, as in the process model representing the critical path shown in Fig. 8. By inspect-
ing the mined process model, the auditor can determine when and by whom control activities were performed and whether
the sequence of activities within the critical path supports the control objectives (ISA 315 secs. 13, 20, and 21, IFAC, 2012b).
For each identified control, the auditor can decide whether to rely on its operating effectiveness or to follow up on exceptions
to identify material weaknesses.

4
The number of variations is comparable to those discovered in other studies (Jans et al., 2014; Werner and Gehrke, 2015). Jans et al. (2014) discovered 304
procurement process variants, but analysed data covering just a single month. The study presented by Werner and Gehrke (2015) discovered 307 to 841
different process models, but used a different mining algorithm.
5
Management assertions are an important concept in financial reporting and auditing (ISA 315 sec. 3, IFAC, 2012b): ‘‘They are part of the criteria that
management uses to record and disclose accounting information in financial statements” (Arens et al., 2017, p. 182). Assertions include, for example, the
existence and completeness of all transactions represented in the financial statements.

9
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Fig. 7. Process model of analysed procurement process.

Fig. 8. Critical path analysis.

10
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Fig. 9. Network analysis of executed activities.

5.3. Phase III: Design and execute responses to risks

During the third phase of an audit, the auditor designs and executes responses to the risks of material misstatement iden-
tified in the previous audit phases (ISA 330 sec. 6, IFAC, 2009e). The chosen audit procedures can differ in nature, timing and
extent. They can include tests of controls or substantive audit procedures. Substantive audit procedures consist of tests of
details or substantive analytical procedures. Test of controls are conducted, for example, via observation of control activities
when these are carried out, the inspection of source documents such as approved purchase orders, the reperformance of con-
trol activities or through the application of analytical procedures (ISA 330 sec. A5, IFAC, 2009e). Tests of details related to
account balances, for example, include the inspection of supporting documentation for individual financial transactions. Sub-
stantive analytical procedures can include the comparison of accounting information and ratios such as inventory turnover
and development of revenues during a reporting period to assess the plausibility of account balances. Based on the under-
standing of the audited entity, its business processes and internal control system, the auditor decides which type of testing is
most suitable to gain sufficient audit evidence.
Other studies have already demonstrated that process mining can support auditors in assessing whether an internal con-
trol system was implemented appropriately and if it can be relied on for a specific business process (Chiu and Jans, 2019; Jans
et al., 2014). By using these techniques, the auditor can assess whether internal controls were appropriately designed to
address relevant control objectives, as well as their operating effectiveness (ISA 330 sec. 8, IFAC, 2009e). Assessing the oper-
ating effectiveness of internal controls is necessary to ensure that they were indeed operated appropriately during the com-
plete relevant reporting period.
With process mining, the auditor can inspect those process variants in detail that represent material classes of transac-
tions. The data attributes for each individually recorded event within such a variant can be analysed to identify what was
done, by whom and when (ISA 330 sec. 10, IFAC, 2009e). A control exception is indicated if a significant control activity
was not executed as expected to a material extent in a process variation.
The operating effectiveness of internal control components which are not embedded in a process as a dedicated control
activity can also be assessed. These controls are usually not recorded as separate events in the event log themselves, but they
can be assessed by analysing relevant transaction data values which are available as event attributes in the event log for
events that have been recorded. An example of such a control is the three-way match, which ensures that the quantities
and prices of ordered goods and services are the same as the ones that were received and invoiced. This control activity
can be executed manually or implemented into the source system (Chuprunov, 2012). Fig. 10 visualizes the analysis of
the three-way match for the audited entity. Based on the analysis of the data created by process mining, this control can
be re-performed for all relevant transactions automatically without having to inspect prepared source documents manually
or to check the actual implementation of this control in the source system, which would require highly specialized propri-
etary knowledge.
Fig. 10 shows the results from the case company’s process mining tool for comparing the prices between ordered and
invoiced goods (PO vs. INV) for the audited entity. The diagram in the lower left corner illustrates that the ordered prices

11
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Fig. 10. Automated internal control testing.

were identical to the invoiced prices for 8,284 cases. The expected invoice price was lower than the actual invoice price for
1,805 cases and higher for 480 cases. The diagram in the right lower corner illustrates some of the effects on the financial
accounts. The price differences where the ordered prices exceeded the invoiced prices were higher than those where the
invoiced prices exceeded the ordered ones. In total, the invoiced prices were $3,017,914 below the prices of the originally
ordered goods. Via these types of analysis an auditor can assess the operating effectiveness of internal controls directly, reli-
ably and extremely efficiently.
The gained information helps the auditor to evaluate found exceptions quantitatively, identify material weaknesses,
assess the control risk and determine the impact on the nature, timing and extent of further audit procedures. The price dif-
ferences between ordered and invoiced goods, for example, could be the result of missed or realized discounts for early pay-
ment depending on the chosen accounting methods by the audited entity. But it remains unclear if the respective control
failed or was subject to valid overrides in the given cases. The results from the analysis can be used to guide further substan-
tive audit procedures when the auditor notices deviations from controls (ISA 330 sec. 17, IFAC, 2009e). Outliers and unusual
items can also be directly identified. An auditor could, for example, individually inspect those cases where the difference
between the invoiced and order prices was above a certain threshold, or the auditor could inspect those process variants
where invoices were posted for ordered goods without any corresponding recording of received goods, as can be observed
when comparing the alternative control flow path from the activity purchase order modification to activity invoice posting in
Fig. 7. Further substantive audit procedures can be guided by directly selecting those cases that exhibit a suspicious pattern,
as has already been suggested in other studies (Werner and Gehrke, 2019).
The use of process mining has a profound impact on the testing of the operating effectiveness of internal controls and for
the planning of further substantive audit procedures. Manual control tests – which usually rely on the time-consuming
inspection of relevant source documents or the inspection of system parameters in the source systems, which requires highly
specialized knowledge for each individual source system – are no longer necessary. The totality of business transactions,
including metadata, can be analysed (Jans et al., 2013), which shifts the audit from a sampling approach to one that uses
novel data analytics to consider all relevant transactions in a smart and automated manner. The process mining tool assists
the auditor in assessing the gained information and making decisions on the use of further substantive audit procedures.

5.4. Phase IV: Conclude and communicate

The audit concludes with forming and reporting an opinion (ISA 700, IFAC, 2016) based on an evaluation of the conclu-
sions drawn from the obtained audit evidence (ISA 700 sec. 6, IFAC, 2016b). The use of process mining enhances the precision
and reliability of audit results by providing quantitative data on the performed audit procedures and their outcomes. Root
causes for identified deviations can be analysed by targeted additional substantive audit procedures, which can be integrated
into the audit as mitigating actions (ISA 330 sec. 17, IFAC, 2009e).
12
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Based on the quantitative data, it is possible to quantify control exception rates and to assess whether these remain
within acceptable tolerances (ISA 530 sec. 13, IFAC, 2009h). The number of transactions and the total amount affected by
a control exception can be calculated and documented. In combination with the gained process documentation, this serves
as evidence to document which risks and internal controls have been considered (ISA 315 sec. 20, IFAC, 2012b), the conse-
quences of identified deviations (ISA 330 sec. 17, IFAC, 2009e) and how a conclusion was drawn (ISA 230 sec. 2, IFAC, 2009b).
As part of the conclusion process, risk assessment can be confirmed or modified if control exceptions were systematic and
no sufficient compensating controls were identified (ISA 330 sec. 17, IFAC, 2009e; ISA 315 sec. 20, IFAC, 2012b). The nature of
control exceptions, as well as the identified root causes, can be explained and communicated to management and those
charged with governance in the audited entity (ISA 330 sec. 12, IFAC, 2009e; ISA 530 sec. 12, IFAC, 2009h).
Process mining can be employed in different phases of an audit, as summarized in Fig. 5 and discussed in detail in the
previous subsections, to support the auditor in various ways. The information gained from process mining complements
information gathered from traditional data analysis techniques during the different audit phases by establishing the link
between business processes, financial accounts and internal controls. It is especially valuable in carrying out tests of controls
where other types of support via data analysis techniques are currently lacking.
The review of relevant audit standards did not reveal any requirements which would hinder auditors from applying pro-
cess mining accordingly. This study focuses on process mining as a specific novel data analysis technique. Contemporary
studies show that a rich body of literature exists that discusses aspects of analytical procedures in external audit engagement
(Appelbaum et al., 2018). Despite the availability of this scientific knowledge, the acceptance of innovative analytics has been
low in auditing practice. Certainly, the availability of data suitable for such analytics is a critical prerequisite. The current
extent of data was not available in the past. There are also institutional barriers in the audit profession that impede innova-
tion (Curtis et al., 2016). But the opinions expressed during the focus group meetings which formed part of the field study –
as well as feedback received as a result of the IAASB DAWG initiative – indicate that uncertainty about whether novel data
analytics and their application comply with contemporary audit regulations is a major concern for decision makers. Audit
results are regularly reviewed as part of mandatory peer-reviews or by regulatory authorities. Non-compliance can have
extremely detrimental consequences for the responsible audit partners. Although this study only deals with process mining
as a particular data analysis technique, it might be fruitful to consider if similar studies related to other innovative data anal-
ysis techniques identified by Appelbaum et al. (2018) might reduce uncertainty and foster acceptance in the profession.

6. Summary

External auditors face new challenges due to the increasing integration of computer technology for the processing of busi-
ness transactions. Traditional audit procedures become inefficient and ineffective in audit environments that are character-
ized by a high degree of integration of information systems for transaction processing. Process mining is a novel data analysis
technique that can support the auditor in carrying out necessary audit procedures in a manner that overcomes contemporary
challenges. With process mining auditors can analyse business processes and relevant internal controls effectively and effi-
ciently. The entirety of recorded business transactions can be analysed and deviations identified automatically to guide fur-
ther substantive audit procedures. Process and related internal controls can be analysed and assessed in a quantitative
manner which makes it possible to determine the impact of control deficiencies on the financial accounts quantitatively.
Audit firms have started to react to market demands and have developed proprietary software tools and first solutions to
implement process mining into existing audit approaches. Although the potential benefits are significant for the audit pro-
fession, little guidance exists related to the question of how process mining techniques can be conceptually embedded into
financial statement audits and how this can be done to meet the requirements of contemporary audit standards. This study
has discussed how process mining can be embedded throughout the different phases of an audit to support the auditor by
considering the requirements formulated in the ISA and using illustrative examples from a field study.
Although process mining is highly relevant as a novel data analysis technique, several limitations should be taken into
account. During an audit, only those transactions and internal controls which have been recorded in the source systems
can be inspected via process mining. Transactions and control procedures conducted outside of the source system are not
covered per se, but can only be assessed indirectly by potentially analysing patterns within the recorded data (Werner
and Gehrke, 2019). The algorithms used to discover processes models meet different quality criteria (Rozinat et al., 2008).
External auditors generally require algorithms that provide no false negative and as few false positive audit results as pos-
sible, otherwise compliance violations might remain undetected or apparent compliance violations might be flagged which
did not occur in reality. Most mining algorithms in commercial applications are able to create perfectly fitting process mod-
els that prevent false negative audit results, but at the potential cost of high rates of false positives (Baader and Krcmar,
2018). Currently it is unclear how this might affect the usability of process mining in external audit settings on an opera-
tional level. Another challenge in process mining is the generation of the event log. The field study on the application of pro-
cess mining for a procurement process operated in a specific type of ERP system. Building the event log requires specific
knowledge of the implementation of the analysed business processes in the source system (Werner, 2017). It remains
unclear if the application of process mining can be extended for audit purposes to arbitrary processes and source systems
that might span across system and organization boundaries.
13
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

This study contributes to the professional and academic discussion of the effects novel data analytics have on statutory
financial audits (IFAC, 2016). It relies on a structured review and interpretation of relevant ISA. Results from a field study
exemplify how process mining can be conceptually embedded into real audits while satisfying the requirements expressed
in the ISA. It therefore demonstrates the feasibility of embodying process mining within financial statement audits.
This study does not measure and compare the outcome of its implementation in actual audits as a comparative study. An
interesting aspect in such an investigation would be to assess the outcomes of financial statement audits qualitatively and
quantitatively where process mining was used, against those that relied only on traditional audit techniques. This should
also consider assessing the availability of source data sets necessary for process mining and how their size compares to
source data needed for other data analysis techniques that are currently used in external audits. This consideration might
reveal insights to what extent the availability and size of event log data influences the usefulness of process mining in such
settings. Providing insights into these questions is planned by conducting a follow-up study that analyses qualitative and
quantitative data from the different pilot projects conducted by the case company.

References

AICPA, 2017. Guide to Audit Data Analytics. Wiley, Hoboken, NJ.

Appelbaum, D., Kogan, A., Vasarhelyi, M.A., 2017. Big data and analytics in the modern audit engagement: research needs. Auditing: J. Pract. Theory 36, 1–
27.
Appelbaum, D.A., Kogan, A., Vasarhelyi, M.A., 2018. Analytical procedures in external auditing: a comprehensive literature survey and framework for
external audit analytics. J. Account. Literature 40, 83–101.
Arens, A.A., Elder, R.J., Beasley, M.S., Hogan, C.E., 2017. Auditing and Assurance Services: An Integrated Approach. Pearson, Boston, MA.
Augusto, A., Conforti, R., Dumas, M., La Rosa, M., 2017. Split miner: discovering accurate and simple business process models from event logs. In: 2017 IEEE
International Conference on Data Mining (ICDM). IEEE, New Orleans, LA, pp. 1–10.
Baader, G., Krcmar, H., 2018. Reducing false positives in fraud detection: combining the red flag approach with process mining. Int. J. Account. Inform. Syst.
31, 1–16.
Barth, M.E., 2008. Global financial reporting: implications for U.S. Academics. Account. Rev. 83, 1159–1179.
Bierstaker, J., Janvrin, D., Lowe, D.J., 2014. What factors influence auditors’ use of computer-assisted audit techniques. Adv. Account. 30, 67–74.
Braun, R.L., Davis, H.E., 2003. Computer-assisted audit tools and techniques: analysis and perspectives. Managerial Audit. J. 18, 725–731.
CaseWare International Inc., 2020. IDEA [WWW Document]. URL idea.caseware.com
Celonis, 2020a. Celonis – World Market Leader in Process Mining [WWW Document]. URL www.celonis.com
Celonis, 2020b. Celonis Academic Alliance - Process Mining Education [WWW Document]. URL www.celonis.com/acal-teachers/
Chen, H., Chiang, R.H.L., Storey, V.C., 2012. Business intelligence and analytics: from big data to big impact. MIS Quarter. 36, 1165–1188.
Chiu, T., Jans, M., 2019. Process mining of event logs: a case study evaluating internal control effectiveness. Account. Horizons 33, 141–156.
Chuprunov, M., 2012. Handbuch SAP-Revision: Internes Kontrollsystem und GRC. Galileo Press, Bonn, Germany.
Curtis, E., Humphrey, C., Turley, W.S., 2016. Standards of innovation in auditing. Audit.: J. Pract. Theory 35, 75–98.
De Mauro, A., Greco, M., Grimaldi, M., 2016. A formal definition of big data based on its essential features. Library Rev. 65, 122–135.
de Medeiros, A.K.A., 2006. Genetic Process Mining. Eindhoven University of Technology, Eindhoven, the Netherlands.
Debreceny, R., Lee, S.-L., Neo, W., Toh, J.S., 2005. Employing generalized audit software in the financial services sector: challenges and opportunities.
Managerial Audit. J. 20, 605–618.
Deloitte, 2020. Welcome to the Deloitte Center of Process Bionics [WWW Document]. URL www2.deloitte.com/de/de/pages/finance/topics/center-of-
process-bionics.html
Deloitte, 2019. Spotlight [WWW Document]. URL www.spotlight.deloitte.co.uk
Dumas, M., Aalst, W. van der, Ter Hofstede, A. (Eds.), 2005. Process-Aware Information Systems: Bridging People and Software through Process Technology.
Wiley-Interscience, Hoboken, NJ.
Edgington, T.M., Raghu, T.S., Vinze, A.S., 2010. Using process mining to identify coordination patterns in IT service management. Decis. Support Syst. 49,
175–186.
EY, 2019a. EY Helix [WWW Document]. URL https://www.ey.com/en_gl/audit/technology/helix
EY, 2019b. Die Digitalisierung der Abschlussprüfung [WWW Document]. URL www.ey.com/Publication/vwLUAssets/ey-reporting-magazin-2016/$FILE/ey-
reporting-magazin-2016.pdf.
fluxicon, 2020. Discover Your Processes [WWW Document]. URL www.fluxicon.com/disco/
Fraunhofer Institute for Applied Information Technology, 2020. PM4PY [WWW Document]. URL, pm4py.fit.fraunhofer.de.
FRC, 2017. Audit Quality Thematic Review: The Use of Data Analytics in the Audit of Financial Statements.
Galvanize, 2020. Galvanize [WWW Document]. URL www.wegalvanize.com
Gehrke, N., 2010. The ERP AuditLab - a prototypical framework for evaluating enterprise resource planning system assurance. In: Proceedings of the 43th
Hawaii International Conference on System Sciences, pp. 1–9.
Gehrke, N., Müller-Wickop, N., 2010. Basic principles of financial process mining: a journey through financial data in accounting information systems. In:
Proceedings of the 16th Americas Conference on Information Systems. AMCIS, Lima, Peru.
Günther, C., van der Aalst, W.M.P., 2007. Fuzzy mining – adaptive process simplification based on multi-perspective metrics. Business Process Manag., 328–
343
Günther, C.W., Verbeek, E.H., 2012. XES Standard Definition. Eindhoven University of Technology, Eindhoven.
IFAC, 2018a. Data Analytics Working Group (DAWG) [WWW Document]. URL http://www.iaasb.org/projects/data-analytics
IFAC, 2018b. Exposure Draft ISA-315-Revised.
IFAC, 2016a. Exploring the Growing Use of Technology in the Audit, with a. Focus on Data Analytics.
IFAC, 2012a. Basis of ISA Adoption by Jurisdiction.
IFAC, 2012b. ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment.
IFAC, 2009a. ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing.
IFAC, 2009b. ISA 230 Audit Documentation.
IFAC, 2009c. ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements.
IFAC, 2009d. ISA 300 Planning an Audit of Financial Statements.
IFAC, 2009e. ISA 330 The Auditor’s Responses to Assessed Risks.
IFAC, 2009f. ISA 500 Audit Evidence.
IFAC, 2009g. ISA 520 Analytical Procedures.
IFAC, 2009h. ISA 530 Audit Sampling.
IFAC, 2016. ISA 700 (Revised) Forming an Opinion and Reporting on Financial Statements.

14
M. Werner, M. Wiese and A. Maas International Journal of Accounting Information Systems xxx (xxxx) xxx

Jans, M., 2012. Process mining in auditing: from current limitations to future challenges. In: Daniel, F., Barkaoui, K., Dustdar, S. (Eds.), Business Process
Management Workshops. Springer, Berlin, Heidelberg, pp. 394–397.
Jans, M., Alles, M., Vasarhelyi, M., 2014. A field study on the use of process mining of event logs as an analytical procedure in auditing. Account. Rev. 89,
1751–1773.
Jans, M., Alles, M., Vasarhelyi, M., 2013. The case for process mining in auditing: sources of value added and areas of application. Int. J. Account. Inform. Syst.
14, 1–20.
Jans, M., Hosseinpour, M., 2018. How active learning and process mining can act as continuous auditing catalyst. Int. J. Account. Inform. Syst. 32, 44–58.
Jans, M., Lybaert, N., Vanhoof, K., Van Der Werf, J.M., 2008. Business process mining for internal fraud risk reduction: results of a case study. In: Proceedings
of the International Research Symposium on Accounting Information Systems, Paris.
Janssenswillen, G., Depaire, B., Swennen, M., Jans, M., Vanhoof, K., 2019. bupaR: enabling reproducible business process analysis. Knowl.-Based Syst. 163,
927–930.
Kim, H.-J., Mannino, M., Nieschwietz, R.J., 2009. Information technology acceptance in the internal audit profession: impact of technology features and
complexity. Int. J. Account. Inform. Syst. 10, 214–228.
KPMG, 2020. KPMG Clara [WWW Document]. URL https://home.kpmg.com/xx/en/home/insights/2017/05/kpmg-clara-automated-agile-intelligent-and-
scalable.html
KPMG, 2018. Process Mining - Find and Present Process Alternatives to Real Life Processes to Make Them more Efficient and Controls more Effective [WWW
Document]. URL www.home.kpmg.com/be/en/home/insights/2017/09/process-mining.html
Labs, L.A.N.A., 2020. Automated Process Analysis with LANA Process Mining [WWW Document]. URL. www.lana-labs.com/en/.
Lee, C.K.H., Choy, K.L., Ho, G.T.S., Lam, C.H.Y., 2016. A slippery genetic algorithm-based process mining system for achieving better quality assurance in the
garment industry. Expert Syst. Appl. 46, 236–248.
Lee, S., Kim, B., Huh, M., Cho, S., Park, S., Lee, D., 2013. Mining transportation logs for understanding the after-assembly block manufacturing process in the
shipbuilding industry. Expert Syst. Appl. 40, 83–95.
Maita, A.R.C., Martins, L.C., López Paz, C.R., Rafferty, L., Hung, P.C.K., Peres, S.M., Fantinato, M., 2017. A systematic mapping study of process mining.
Enterprise Inform. Syst. 12, 505–549.
Müller-Wickop, N., Schultz, M., Gehrke, N., Nüttgens, M., 2011. Towards automated financial process auditing: aggregation and visualization of process
models. In: Proceedings of the Enterprise Modelling and Information Systems Architectures, Germany.
Nigrini, M.J., 2012. Benford’s Law: Applications for Forensic Accounting, Auditing, and Fraud Detection. Wiley Corporate F&A, Wiley, Hoboken, NJ.
PwC, 2019a. PwC’s Halo for Journals [WWW Document]. URL www.halo.pwc.com
PwC, 2019b. Process Intelligence - Optimising your Processes [WWW Document]. URL www.pwc.com/m1/en/events/iia2018/process-intelligence.pdf
Rozinat, A., de Medeiros, A.K.A., Günther, C.W., Weijters, A., van der Aalst, W.M.P., 2008. The need for a process mining evaluation framework in research and
practice. Business Process Manage. Workshops, 84–89.
UiPath, 2020. Robotic Process Automation | UiPath [WWW Document]. URL www.uipath.com.
van der Aalst, W.M.P., 2016. Process Mining: Data Science in Action. Springer, Berlin, Germany.
van Zelst, S.J., van Dongen, B.F., van der Aalst, W.M.P., Verbeek, H.M.W., 2018. Discovering workflow nets using integer linear programming. Computing 100,
529–556.
Wang, Y., Caron, F., Vanthienen, J., Huang, L., Guo, Y., 2014. Acquiring logistics process intelligence: methodology and an application for a Chinese bulk port.
Expert Syst. Appl. 41, 195–209.
Weijters, A., van der Aalst, W.M.P., de Medeiros, A.K.A., 2006. Process mining with the heuristics miner-algorithm. Technische Universiteit Eindhoven, Tech.
Rep. WP 166.
Werner, M., 2017. Financial process mining - accounting data structure dependent control flow inference. Int. J. Account. Inform. Syst. 25, 57–80.
Werner, M., 2013. Colored petri nets for integrating the data perspective in process audits. In: Proceedings of the 32nd International Conference on
Conceptual Modeling (ER 2013). Hong Kong, China, pp. 387–394.
Werner, M., Gehrke, N., 2019. Identifying the absence of effective internal controls: an alternative approach for internal control audits. J. Inform. Syst. 33,
205–222.
Werner, M., Gehrke, N., 2015. Multilevel process mining for financial audits. IEEE Trans. Serv. Comput. 8, 820–832.
Werner, M., Gehrke, N., Nüttgens, M., 2013. Towards automated analysis of business processes for financial audits in: Wirtschaftsinformatik Proceedings
2013. Leipzig, pp. 375–389.
Werner, M., Gehrke, N., Nüttgens, M., 2012. Business process mining and reconstruction for financial audits. In: Proceedings of the 45th Hawaii International
Conference on System Sciences (HICSS 2012). Maui, pp. 5350–5359.
Yoo, S., Cho, M., Kim, E., Kim, S., Sim, Y., Yoo, D., Hwang, H., Song, M., 2016. Assessment of hospital processes using a process mining technique: outpatient
process analysis at a tertiary hospital. Int. J. Med. Inf. 88, 34–43.
Zapliance, 2020. Process Mining for SAP [WWW Document]. URL https://www.zapliance.com/en/

15